facebook · travisb-nexthop · Mar 7, 2026
@@ -0,0 +1,16 @@
+{
+  "_comment" : [
+               "This file is used to execute post package install script(s) which may need to",
+               "be run after the base image is created. The execution happens in a chrooted",
+               "rootfs environment.",
+               "",
+               "The 'execute' array contains a list of scripts to be executed. Each command is",
+               "specified as an array with the first element being the path to the script and",
+               "subsequent elements being arguments to that script."
+               ],
+
+  "execute": [
+    [ "date"],
+    [ "uname", "-a"]
+  ]
+}
@@ -0,0 +1,16 @@
+{
+  "_comment" : [
+               "This file is used to specify list of additional packages to install",
+               "that need to be part of the image.",
+               "",
+               "The 'packages' is a list packages to be installed."
+               ],
+
+  "packages": [
+    "bc", "rsync", "wget", "curl",
+    "net-tools", "tcpdump",
+    "strace",
+    "lsof",
+    "podman-docker"
+  ]
+}
@@ -338,5 +338,5 @@ def _execute_build(
         return find_artifact_in_dir(
             output_dir=dist_dir,
             pattern=artifact_pattern,
-            component_name=self.component_name.capitalize(),
+            component_name=self.component_name,
         )
@@ -33,6 +33,7 @@
     "fboss-platform-stack": "fboss-platform-stack-*.tar",
     "fboss-forwarding-stack": "fboss-forwarding-stack-*.tar",
     "bsps": "bsp-*.tar",
+    "other_dependencies": "*.rpm",
 }
 
 

@@ -5,17 +5,28 @@
     "onie": "fboss-distro-image_onie.bin"
   },
   "kernel": {
+    "execute": ["kernel/scripts/build_kernel.sh", "6.11.1", "/output"],
+    "artifact": "kernel-6.11.1.rpms.tar"
   },
   "other_dependencies": [
+    { "download": "https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/Packages/nano-5.6.1-7.el9.x86_64.rpm"},
+    { "execute": ["examples/thirdparty_build.sh"], "artifact": "thirdparty-pkg-1.0-1.noarch.rpm"}
   ],
   "fboss-platform-stack": {
+    "execute": ["../fboss/oss/scripts/build_fboss_stack.sh", "platform"],
+    "artifact": "platform-stack.tar"
   },
   "bsps": [
   ],
   "sai": {
+    "download": "file:../fboss/oss/scripts/fake-sai-devel.tar.zstd"
   },
   "fboss-forwarding-stack": {
+    "execute": ["../fboss/oss/scripts/build_fboss_stack.sh", "forwarding"],
+    "artifact": "forwarding-stack.tar"
   },
   "image_build_hooks": {
+     "after_pkgs_install": "after_pkgs_install_input.json",
+     "after_pkgs_execute": "after_pkgs_execute_input.json"
   }
 }
@@ -2,6 +2,13 @@
 
 # Script that builds a PXE and USB bootable ISO an image using kiwi-ng-3.
 
+# For hardlinking component artifacts into the kiwi description tree we need
+# both source and destination to live on the same filesystem. The kiwi
+# description lives under /image_builder, so we expose the deps staging
+# directory there and create a /deps symlink pointing into it. The
+# /deps mount remains available for reading.
+ln -sfn /image_builder/deps_staging /deps
+
 # Get the full path to the workspace root directory where everything lives
 WSROOT=$(cd "$(dirname "$0")/.." && pwd)
 
@@ -22,10 +29,11 @@ TARGET_DIR="${WSROOT}/output"
 BUILD_PXE=""
 BUILD_ONIE=""
 KIWI_DEBUG=""
+AFTER_PKGS_INSTALL_FILE=""
+AFTER_PKGS_EXECUTE_FILE=""
 
-# User configurable variables (fboss tarfile and kernel rpm directory)
-FBOSS_TARFILE=""
-KERNEL_RPM_DIR="" # default: download LTS 6.12
+# User configurable variables
+DEPS_DIR="" # Component artifacts directory
 
 mkdir -p "${LOG_DIR}"
 LOG_FILE="${LOG_DIR}/build_image_in_container.log"
@@ -35,8 +43,9 @@ help() {
   echo ""
   echo "Options:"
   echo ""
-  echo "  -f|--fboss-tarfile          Location of compressed FBOSS tar file to add to image"
-  echo "  -k|--kernel-rpm-dir         Directory containing kernel rpms to install (default: download LTS 6.12)"
+  echo "  --deps <dir>                Directory containing component artifacts (organized by component name)"
+  echo "  -a|--after-pkgs-install     JSON File (in templates/centos-09.0 directory) containing additional packages to install to the image"
+  echo "  -e|--after-pkgs-execute     JSON File (in templates/centos-09.0 directory) containing list of commands to execute after packages are installed"
   echo "  -p|--build-pxe-usb          Build PXE and USB installers image (default: no)"
   echo "  -o|--build-onie             Build ONIE installer image (default: no)"
   echo ""
@@ -135,13 +144,8 @@ build_onie_installer() {
 while [[ $# -gt 0 ]]; do
   case "$1" in
 
-  -f | --fboss-tarfile)
-    FBOSS_TARFILE=$2
-    shift 2
-    ;;
-
-  -k | --kernel-rpm-dir)
-    KERNEL_RPM_DIR=$2
+  --deps)
+    DEPS_DIR=$2
     shift 2
     ;;
 
@@ -160,10 +164,21 @@ while [[ $# -gt 0 ]]; do
     shift 1
     ;;
 
+  -a | --after-pkgs-input-file)
+    AFTER_PKGS_INSTALL_FILE=$2
+    shift 2
+    ;;
+
+  -e | --after-pkgs-execute-file)
+    AFTER_PKGS_EXECUTE_FILE=$2
+    shift 2
+    ;;
+
   -h | --help)
     help
     exit 0
     ;;
+
   *)
     echo "Unrecognized command option: '${1}'"
     exit 1
@@ -179,61 +194,33 @@ dprint "Script launch cmdline: ${ORIGINAL_ARGS[*]}"
 dprint " ... logging all output to: ${LOG_FILE}"
 dprint " ... output directory: ${TARGET_DIR}"
 
-# Perform some sanity checks of user input
-if [ -n "${KERNEL_RPM_DIR}" ] && [ ! -d "${KERNEL_RPM_DIR}" ]; then
-  dprint "ERROR: directory of kernel rpms: ${KERNEL_RPM_DIR} not accessible, exiting..."
+# Perform some sanity checks of user input when an explicit --deps is provided
+if [ -n "${DEPS_DIR}" ] && [ ! -d "${DEPS_DIR}" ]; then
+  dprint "ERROR: deps directory: ${DEPS_DIR} not accessible, exiting..."
   exit 1
 fi
 
-if [ -n "${FBOSS_TARFILE}" ]; then
-  if [ ! -f "${FBOSS_TARFILE}" ]; then
-    dprint "ERROR: FBOSS tarfile: ${FBOSS_TARFILE} not accessible, exiting..."
-    exit 1
-  fi
-fi
-
 # Update the docker image
 dprint "Updating docker image..."
-update_docker >>"${LOG_FILE}" 2>&1
+update_docker |& tee -a "${LOG_FILE}"
 
 # Create the output directory (in case it doesn't exist)
 mkdir -p "${TARGET_DIR}"
 chmod 777 "${TARGET_DIR}"
 
-# If you place a tar file in the description directory, it will be automatically extracted and
-# overlayed on top of the root file system.  We use this to deploy FBOSS binaries that are generated
-# in a different build process.
 rm -f "${DESCRIPTION_DIR}/root.tar.gz" # Remove any existing tar file
-if [ -n "${FBOSS_TARFILE}" ]; then
-  if [ -f "${FBOSS_TARFILE}" ]; then
-    dprint "Copying ${FBOSS_TARFILE} to ${DESCRIPTION_DIR}/root.tar.gz ..."
-    cp "${FBOSS_TARFILE}" "${DESCRIPTION_DIR}/root.tar.gz"
-  else
-    dprint "ERROR: ${FBOSS_TARFILE} does not exist, exiting..."
-    exit 1
-  fi
-fi
 
-# Create a directory to hold the kernel rpms
+# Hardlink component artifacts to root/repos for processing in config.sh. When
+# no explicit --deps is provided, use /deps (which resolves into the
+# /image_builder filesystem) so that cp -la does not cross mount boundaries.
 rm -rf "${DESCRIPTION_DIR}/root/repos"
 mkdir -p "${DESCRIPTION_DIR}/root/repos"
 
-# If the user specified a kernel rpm directory, copy the rpms from there.  Otherwise, download them
-if [ -z "${KERNEL_RPM_DIR}" ]; then
-  dprint "Downloading LTS kernel 6.12 rpms to ${DESCRIPTION_DIR}/root/repos..."
-  dnf copr enable kwizart/kernel-longterm-6.12 -y >>"${LOG_FILE}" 2>&1
-  if ! dnf download --destdir="${DESCRIPTION_DIR}/root/repos" kernel-longterm-core-* kernel-longterm-modules-core-* >>"${LOG_FILE}" 2>&1; then
-    dprint "ERROR: Failed to download LTS kernel rpms, check logfile for errors, exiting..."
-    exit 1
-  fi
-else
-  dprint "Copying kernel rpms to ${DESCRIPTION_DIR}/root/repos..."
-  for rpm_file in "${KERNEL_RPM_DIR}"/*.rpm; do
-    if [ -f "$rpm_file" ]; then
-      dprint "   ... $(basename "$rpm_file")"
-      cp "$rpm_file" "${DESCRIPTION_DIR}/root/repos/"
-    fi
-  done
+EFFECTIVE_DEPS_DIR="${DEPS_DIR:-/deps}"
+
+if [ -d "${EFFECTIVE_DEPS_DIR}" ] && [ -n "$(ls -A "${EFFECTIVE_DEPS_DIR}" 2>/dev/null)" ]; then
+  dprint "Hardlinking component artifacts from ${EFFECTIVE_DEPS_DIR} to ${DESCRIPTION_DIR}/root/repos..."
+  cp -al "${EFFECTIVE_DEPS_DIR}"/* "${DESCRIPTION_DIR}/root/repos/"
 fi
 
 dprint "Copying /etc/resolv.conf to ${DESCRIPTION_DIR}/root/etc/resolv.conf..."
@@ -248,6 +235,26 @@ echo "Built on: $(date -u)" >"$DESCRIPTION_DIR/root/etc/build-info"
 dprint "Copying rootfs files to overlay..."
 cp -R ${DESCRIPTION_DIR}/root_files/* ${DESCRIPTION_DIR}/root/
 
+# Remove any existing after_pkgs files from previous runs
+rm -f ${DESCRIPTION_DIR}/root/var/tmp/after_pkgs_install_file.json
+rm -f ${DESCRIPTION_DIR}/root/var/tmp/after_pkgs_execute_file.json
+
+# Copy the after_pkgs input file in the rootfs so that we can access it the chrooted environment
+# The file, if provided by the user, should already copied into the centos-09.0 directory as part
+# of the image build process. Copy to fixed location in rootfs where config.sh checks for it.
+# These will be deleted once they are processed.
+if [[ -n ${AFTER_PKGS_INSTALL_FILE} && -f "${DESCRIPTION_DIR}/${AFTER_PKGS_INSTALL_FILE}" ]]; then
+  mkdir -p ${DESCRIPTION_DIR}/root/var/tmp
+  dprint "Copying ${DESCRIPTION_DIR}/${AFTER_PKGS_INSTALL_FILE} to ${DESCRIPTION_DIR}/root/var/tmp/after_pkgs_install_file.json"
+  cp ${DESCRIPTION_DIR}/${AFTER_PKGS_INSTALL_FILE} ${DESCRIPTION_DIR}/root/var/tmp/after_pkgs_install_file.json
+fi
+
+if [[ -n ${AFTER_PKGS_EXECUTE_FILE} && -f "${DESCRIPTION_DIR}/${AFTER_PKGS_EXECUTE_FILE}" ]]; then
+  mkdir -p ${DESCRIPTION_DIR}/root/var/tmp
+  dprint "Copying ${DESCRIPTION_DIR}/${AFTER_PKGS_EXECUTE_FILE} to ${DESCRIPTION_DIR}/root/var/tmp/after_pkgs_execute_file.json"
+  cp ${DESCRIPTION_DIR}/${AFTER_PKGS_EXECUTE_FILE} ${DESCRIPTION_DIR}/root/var/tmp/after_pkgs_execute_file.json
+fi
+
 # Generate the images
 PXE_RC=0
 ONIE_RC=0
@@ -263,7 +270,7 @@ if [ -n "${BUILD_PXE}" ]; then
       ${KIWI_DEBUG} system build \
       --description ${DESCRIPTION_DIR} \
       --target-dir ${TARGET_DIR}/btrfs |&
-      tee -a ${LOG_FILE} | awk '{print "PXE/USB Installer| " $0}'
+      stdbuf -oL tee -a ${LOG_FILE} | stdbuf -oL awk '{print "PXE/USB Installer| " $0}'
     mv ${TARGET_DIR}/btrfs/FBOSS-Distro-Image.x86_64-1.0.install.* ${TARGET_DIR}
   ) &
   PXE_PID=$!
@@ -280,7 +287,8 @@ if [ -n "${BUILD_ONIE}" ]; then
       ${KIWI_DEBUG} system build \
       --description ${DESCRIPTION_DIR} \
       --target-dir ${TARGET_DIR}/onie |&
-      tee -a ${LOG_FILE} | awk '{print "ONIE installer| " $0}'
+      stdbuf -oL tee -a ${LOG_FILE} | stdbuf -oL awk '{print "ONIE installer| " $0}'
+
     # Repack the rootfs so really long filenames are not truncated under Busybox
     dprint "Repacking rootfs with zstd..."
     mkdir ${TARGET_DIR}/onie/rootfs
@@ -314,6 +322,8 @@ if [ ${ONIE_RC} -ne 0 ]; then
   dprint "ERROR: ONIE installer build failed"
 fi
 
+rm -rf ${TARGET_DIR}/btrfs ${TARGET_DIR}/onie
+
 RC=$((PXE_RC + ONIE_RC))
 dprint "Image generation completed with exit code ${RC}"
 exit "${RC}"